Java Runtime Environment 7 update 99 (32-bit) Available (x64) - CORRUPT PATCH
Log In or Register to download the BES file, and more.

0 Votes

Description

The listed computers have faulty installations of the latest Java Runtime Environment. BigFix recommends reinstalling this update to ensure the safety of affected computers. For more information about corrupt patches, see BigFix KB #166.

Oracle has released a new version of the Java SE Runtime Environment (JRE). Use the action below to update Java to version 7 update 99.

Note: Affected computers may report back as 'Pending Restart' once the patch has run successfully, but will not report back their final status until the computer has been restarted.

Important Note: The Java Runtime Environment update does not remove versions of JRE older than JRE 7 update 99. Multiple versions of JRE may be present on affected computers after applying the action below. Fixlet message "Multiple JRE Versions Installed" (ID 7052001) can be used to uninstall older versions of the Java Runtime Environment.

Important Note: Follow the link for the 'Java SE Runtime Environment (JRE) 7 update 99' download on this page. For more information about manually caching file downloads on the BES Server, please see the following BigFix Support Knowledge Base article.

Important Note: For Windows Vista, Windows 7, Windows Server 2008, and Windows Server 2008 R2 users, the installation may fail if the User Account Control (UAC) is enabled.

Important Note: To avoid any service interruption on the client computer, use the default action only when client computers do not have any running instances of Java, Internet Explorer, or Firefox. The default action does not close any running instances these applications on the client machines. If any of these applications are running on the client computers, the default action might fail. Schedule the update to occur at a time when the client machine is not using these applications.

Important Note: Choosing the "Upgrade to the latest JRE regardless of whether or not Internet Explorer, Firefox, or Java is currently running action" will close any running instance of Internet Explorer, Firefox, or Java on the client machines. Please schedule the update to occur at a time when a service interruption is acceptable.

CVE:

CVE-2016-0636

Property Details

ID10609
StatusProduction - Fully Tested and Ready for Production
TitleJava Runtime Environment 7 update 99 (32-bit) Available (x64) - CORRUPT PATCH
DomainBESC
CategoryCritical Updates
Download Size29905984
SourceOracle
Source ID22961080
Source SeverityCritical
Source Release Date3/23/2016 12:00:00 AM
CVENamesCVE-2016-0636
SANSIDUnspecified
KeywordsJava, JRE, Java Update, 7u99, 7 upodate 99
Added by on 3/30/2016 9:48:15 AM
Last Modified by on 3/30/2016 9:48:15 AM
Counters 3645 Views / 3 Downloads
User Rating 1 star 2 star 3 star 4 star 5 star * Average over 0 ratings. ** Log In or Register to add your rating.

Relevance

Used in 365 fixlets   * Results in a true/false
Show indented relevance
(if( name of operating system starts with "Win" ) then platform id of operating system != 3 else false) AND (if exists property "in proxy agent context" then ( not in proxy agent context ) else true )
Used in 93 fixlets and 2 analyses   * Results in a true/false
Show indented relevance
version of client >= "6.0"
Used in 257 fixlets and 9 analyses   * Results in a true/false
Show indented relevance
name of operating system as lowercase starts with "win"
Used in 381 fixlets and 2 analyses   * Results in a true/false
Show indented relevance
x64 of operating system
Used in 46 fixlets   * Results in a true/false
Show indented relevance
NOT pending restart
Used in 103 fixlets   * Results in a true/false
Show indented relevance
not exists values "PROCESSOR_ARCHITECTURE" whose (it as string as lowercase = "ia64") of keys "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Environment" of registry
Used in 73 fixlets   * Results in a true/false
Show indented relevance
exists file "msiexec.exe" whose (version of it >= "3.0") of system folder
Used in 14 fixlets   * Results in a true/false
Show indented relevance
((exists it) AND ((exists value "InstallingJava7_32" whose (it = 1) of it))) of key "HKEY_LOCAL_MACHINE\SOFTWARE\BigFix\EnterpriseClient\JavaInstallation" of registry
Used in 1 fixlet   * Results in a true/false
Show indented relevance
NOT exists value "DisplayVersion" whose ((it = "7" and it >= "7.0.990") of (it as string as version)) of keys whose (value "DisplayName" of it as string as lowercase contains "j2se runtime environment" OR value "DisplayName" of it as string as lowercase contains "runtimeenvironment" OR value "DisplayName" of it as string as lowercase starts with "java(tm)" OR value "DisplayName" of it as string as lowercase starts with "java 7") of key "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" of x32 registry

Actions

Action 1

Action Link Click here to initiate the deployment process.
Script Type BigFix Action Script
begin prefetch block    
add prefetch item name = jre-7u99-windows-i586.exe sha1=87e1c38767c2a2f309817debdf0c5539b9c0df5d size=29905984 url={value of setting "_BESClient_AllowCustomRepoDownloads" of client | "http://download.oracle.com/MANUAL_BES_CACHING_REQUIRED/"}jre-7u99-windows-i586.exe sha256=877e5a35340c7fc9e99e86401070fbd2b128c0c9a4fc2683c5bca3193c709ea3
end prefetch block

continue if {not exists running application whose ((it = "java.exe" OR it = "javaw.exe" OR it = "javaws.exe" OR it = "iexplore.exe" OR it = "firefox.exe") of (name of it as lowercase))}

// Note: update .exe will restart service automatically
if{exists running service "JavaQuickStarterService"}
delete __appendfile
delete stop_javaquickstarter.bat
appendfile net stop JavaQuickStarterService
move __appendfile stop_javaquickstarter.bat
waithidden stop_javaquickstarter.bat
endif



regset "[HKEY_LOCAL_MACHINE\SOFTWARE\BigFix\EnterpriseClient\JavaInstallation]" "InstallingJava7_32"=dword:00000001

//if it is win2k/2k3/xp system, just invoke the .exe installer
if {(name of it contains "Win2000" or name of it contains "WinXP" or name of it contains "Win2003") of operating system}
waithidden __Download\jre-7u99-windows-i586.exe /s


else
// Remove any existing directory junction point
dos %windir%\syswow64\cmd.exe /C fsutil reparsepoint delete "%windir%\syswow64\config\systemprofile\appdata\locallow\sun\java"
// delete java directory in 32bit version of system32, if any
dos rmdir /q /s "%windir%\syswow64\config\systemprofile\appdata\locallow\sun\java"
//create a java folder under system32 folder if not exists
if {not exist folder (system folder as string &"\config\systemprofile\appdata\locallow\sun\java")}
action uses wow64 redirection false
dos mkdir "%windir%\system32\config\systemprofile\appdata\locallow\sun\java"
endif
// create ntfs junction point from 32bit version of system32 java files to sysnative version
// (NOTE: mklink argument seems to be in native path perspective, so system32 is correct here, not sysnative)
action uses wow64 redirection false
dos mklink /J "%windir%\syswow64\config\systemprofile\appdata\locallow\sun\java" "%windir%\system32\config\systemprofile\appdata\locallow\sun\java"


// Finally, try to install java...
action uses wow64 redirection false
dos %windir%\syswow64\cmd.exe /C __Download\jre-7u99-windows-i586.exe /s

endif

action may require restart "87e1c38767c2a2f309817debdf0c5539b9c0df5d"

continue if {((exists value "DisplayVersion" whose ((it >= "7.0.990") of (it as string as version)) of keys whose (value "DisplayName" of it as string as lowercase contains "j2se runtime environment" OR value "DisplayName" of it as string as lowercase contains "runtimeenvironment" OR value "DisplayName" of it as string as lowercase starts with "java(tm)" OR value "DisplayName" of it as string as lowercase starts with "java 7") of it) AND (exists key whose (((it contains "java" OR it contains "j2se") AND (it contains "runtime environment" OR it contains "update")) of (value "DisplayName" of it as string as lowercase)) of it)) of key "HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall" of x32 registry}

regdelete "[HKEY_LOCAL_MACHINE\SOFTWARE\BigFix\EnterpriseClient\JavaInstallation]" "InstallingJava7_32"
Success Criteria

This action will be considered successful when the applicability relevance evaluates to false.

Action 2

Action Link Click here to upgrade to the latest JRE regardless of whether or not Internet Explorer, Firefox, or Java is currently running.
Script Type BigFix Action Script
begin prefetch block    
add prefetch item name = jre-7u99-windows-i586.exe sha1=87e1c38767c2a2f309817debdf0c5539b9c0df5d size=29905984 url={value of setting "_BESClient_AllowCustomRepoDownloads" of client | "http://download.oracle.com/MANUAL_BES_CACHING_REQUIRED/"}jre-7u99-windows-i586.exe sha256=877e5a35340c7fc9e99e86401070fbd2b128c0c9a4fc2683c5bca3193c709ea3
end prefetch block

// Note: update .exe will restart service automatically
if{exists running service "JavaQuickStarterService"}
delete __appendfile
delete stop_javaquickstarter.bat
appendfile net stop JavaQuickStarterService
move __appendfile stop_javaquickstarter.bat
waithidden stop_javaquickstarter.bat
endif

waithidden {if (name of operating system = "WinXP" AND personal bit (suite mask of operating system)) then "tskill java /a" else "taskkill /F /IM java.exe"}
waithidden {if (name of operating system = "WinXP" AND personal bit (suite mask of operating system)) then "tskill javaw /a" else "taskkill /F /IM javaw.exe"}
waithidden {if (name of operating system = "WinXP" AND personal bit (suite mask of operating system)) then "tskill javaws /a" else "taskkill /F /IM javaws.exe"}
waithidden {if (name of operating system = "WinXP" AND personal bit (suite mask of operating system)) then "tskill iexplore /a" else "taskkill /F /IM iexplore.exe"}
waithidden {if (name of operating system = "WinXP" AND personal bit (suite mask of operating system)) then "tskill firefox /a" else "taskkill /F /IM firefox.exe"}

regset "[HKEY_LOCAL_MACHINE\SOFTWARE\BigFix\EnterpriseClient\JavaInstallation]" "InstallingJava7_32"=dword:00000001

//if it is win2k/2k3/xp system, just invoke the .exe installer
if {(name of it contains "Win2000" or name of it contains "WinXP" or name of it contains "Win2003") of operating system}
waithidden __Download\jre-7u99-windows-i586.exe /s


else
// Remove any existing directory junction point
dos %windir%\syswow64\cmd.exe /C fsutil reparsepoint delete "%windir%\syswow64\config\systemprofile\appdata\locallow\sun\java"
// delete java directory in 32bit version of system32, if any
dos rmdir /q /s "%windir%\syswow64\config\systemprofile\appdata\locallow\sun\java"
//create a java folder under system32 folder if not exists
if {not exist folder (system folder as string &"\config\systemprofile\appdata\locallow\sun\java")}
action uses wow64 redirection false
dos mkdir "%windir%\system32\config\systemprofile\appdata\locallow\sun\java"
endif
// create ntfs junction point from 32bit version of system32 java files to sysnative version
// (NOTE: mklink argument seems to be in native path perspective, so system32 is correct here, not sysnative)
action uses wow64 redirection false
dos mklink /J "%windir%\syswow64\config\systemprofile\appdata\locallow\sun\java" "%windir%\system32\config\systemprofile\appdata\locallow\sun\java"


// Finally, try to install java...
action uses wow64 redirection false
dos %windir%\syswow64\cmd.exe /C __Download\jre-7u99-windows-i586.exe /s

endif

action may require restart "87e1c38767c2a2f309817debdf0c5539b9c0df5d"

continue if {((exists value "DisplayVersion" whose ((it >= "7.0.990") of (it as string as version)) of keys whose (value "DisplayName" of it as string as lowercase contains "j2se runtime environment" OR value "DisplayName" of it as string as lowercase contains "runtimeenvironment" OR value "DisplayName" of it as string as lowercase starts with "java(tm)" OR value "DisplayName" of it as string as lowercase starts with "java 7") of it) AND (exists key whose (((it contains "java" OR it contains "j2se") AND (it contains "runtime environment" OR it contains "update")) of (value "DisplayName" of it as string as lowercase)) of it)) of key "HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall" of x32 registry}

regdelete "[HKEY_LOCAL_MACHINE\SOFTWARE\BigFix\EnterpriseClient\JavaInstallation]" "InstallingJava7_32"
Success Criteria

This action will be considered successful when the applicability relevance evaluates to false.

Action 3

Action Link Click here for more information about the latest version of JRE.
Script Type URL
http://www.oracle.com/technetwork/java/javase/jdk7-relnotes-429209.html
    

Action 4

Action Link Click here for security-related information from Oracle.
Script Type URL
http://java.sun.com/javase/technologies/security/index.jsp#overview
    

Action 5

Action Link Click here for more information from SANS on vulnerabilities in cross-platform applications.
Script Type URL
http://www.sans.org/top20/#c1
    

Sharing

Social Media:
Share this page on Yammer

Comments

Log In or Register to leave comments!